
How Traceroute Works

Before looking at how traceroute works, let's understand what "TTL" is.

TTL

Time-to-live (abbreviated TTL) is a limit on the period of time (or number of iterations/transmissions) that a unit of data (e.g. a packet) can experience in a computer network before it should be discarded.

The time to live value can be thought of as an upper bound on the time that an IP datagram can exist in an internet system.

The TTL field is set by the sender of the datagram, and reduced by every host on the route to its destination. If the TTL field reaches zero before the datagram arrives at its destination, then the datagram is discarded and an ICMP error datagram (Time Exceeded) is sent back to the sender.

The purpose of the TTL field is to avoid a situation in which an undeliverable datagram keeps circulating on an internet system, so that the system eventually becomes swamped by such immortal datagrams.

In IPv4, time to live (TTL) is an 8-bit field in the IP header.

Traceroute

Traceroute works by increasing the "time-to-live" value of each successive batch of packets sent.

1. As shown in the figure below, the first three packets sent have a time-to-live (TTL) value of one (implying that they are not forwarded by the next router and make only a single hop).

2. The next three packets have a TTL value of 2, and so on. When a packet passes through a host, normally the host decrements the TTL value by one, and forwards the packet to the next host. When a packet with a TTL of one reaches a host, the host discards the packet and sends an "ICMP time exceeded" packet to the sender.

3. The traceroute utility uses these returning packets to produce a list of hosts that the packets have traversed en route to the destination. The three timestamp values returned for each host along the path are the delay (latency) values for each packet in the batch.

4. If a packet does not return within the expected timeout window, a star (asterisk) is traditionally printed. Traceroute may not list the real hosts. It indicates that the first host is at one hop, the second host at two hops, etc. IP does not guarantee that all the packets take the same route. Also note that if the host at hop number N does not reply, the hop will be skipped in the output.

5. On Linux, the traceroute utility by default uses UDP datagrams with destination port numbers from 33434 to 33534.
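
Added example (not part of the original article): an ICMP error quotes the IP header and first 8 bytes of the datagram that triggered it, so the UDP destination port of the probe comes back inside the reply and identifies which probe, and therefore which TTL, it answers. The Python code below builds a constructed reply and parses it, assuming the port increases by one per probe starting at 33434 with three probes per hop; the addresses and function names are illustrative.

```python
import socket
import struct

BASE_PORT = 33434       # first UDP destination port, as stated above
PROBES_PER_HOP = 3      # three probes per TTL value, as stated above

# (ICMP type, code) -> meaning for a traceroute run
MEANING = {
    (11, 0): "time exceeded in transit (intermediate hop)",
    (3, 0): "destination net unreachable",
    (3, 3): "port unreachable (destination reached)",
}

def ipv4_header(src, dst, proto, ttl, payload_len):
    """Build a 20-byte IPv4 header (checksum left at 0 for this offline sample)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def build_icmp_error(router, sender, target, icmp_type, code, probe_port):
    """Constructed sample: the ICMP error a router returns for one UDP probe."""
    udp = struct.pack("!HHHH", 54321, probe_port, 8, 0)          # quoted UDP header
    quoted = ipv4_header(sender, target, 17, 1, len(udp)) + udp    # original datagram
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0) + quoted    # 8-byte ICMP header
    return ipv4_header(router, sender, 1, 64, len(icmp)) + icmp

def parse_reply(packet):
    """Return (router, ttl_of_probe, probe_index, meaning) or None if not ours."""
    ihl = (packet[0] & 0x0F) * 4                 # outer header length in bytes
    if len(packet) < ihl + 8 or packet[9] != 1:  # protocol 1 = ICMP
        return None
    router = socket.inet_ntoa(packet[12:16])     # source address = replying host
    icmp_type, code = packet[ihl], packet[ihl + 1]
    inner = packet[ihl + 8:]                     # quoted header of our probe
    if len(inner) < 20:
        return None
    inner_ihl = (inner[0] & 0x0F) * 4
    if len(inner) < inner_ihl + 8 or inner[9] != 17:   # protocol 17 = UDP
        return None
    dport = struct.unpack("!H", inner[inner_ihl + 2:inner_ihl + 4])[0]
    seq = dport - BASE_PORT                      # assumed: port grows by 1 per probe
    if not 0 <= seq <= 100:                      # outside 33434-33534: not a probe
        return None
    meaning = MEANING.get((icmp_type, code), "other ICMP message")
    return router, seq // PROBES_PER_HOP + 1, seq % PROBES_PER_HOP, meaning

if __name__ == "__main__":
    sample = build_icmp_error("10.0.0.2", "192.0.2.10", "198.51.100.7", 11, 0, 33438)
    print(parse_reply(sample))
```

A reply whose quoted port falls outside the probe range, or that is too short to contain the quoted headers, is rejected rather than attributed to a hop.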

Sample Traceroute Session

At the end, the session shows the gateway 64.129.234.132 returning the ICMP message "Destination net unreachable". Probably, either the router has a configuration problem, or the 64.129.234.132 network does not exist, reflecting a bad IP address.